DFIRLab
Security research, threat intelligence, and free DFIR tools.

TOPIC

DFIR

6 posts
DFIR, Threat Intelligence, Detection Engineering, +2

Welcome, Analyst

DFIR Lab is an independent research platform for digital forensics, incident response, and threat intelligence — built by practitioners, for practitioners. Here's what you'll find.

Mar 14, 2026 · 4 min read
phishing, email-security, email-headers, +8

How to Analyze Phishing Email Headers: A Complete Guide for SOC Analysts

Apr 11, 2026 · 10 min read
oc-enrichment, Threat Intelligence, virustotal, +4

VirusTotal API Alternative: Cheaper Multi-Source IOC Enrichment for Security Teams

Apr 15, 2026 · 9 min read
phishing, email-headers, soc, +3

How to Analyze Phishing Email Headers: A Complete Guide for SOC Analysts

Learn how to analyze phishing emails like a SOC analyst: trace delivery paths, verify SPF/DKIM/DMARC, detect spoofing, and automate header analysis.

Apr 3, 2026 · 11 min read
exposure-scanner, attack-surface-management, api, +1

External Attack Surface Scanner API: Map Your Domain's Exposure in One Call

Learn how an exposure scanner API aggregates 11 intelligence providers—Shodan, SecurityTrails, Criminal IP, and more—into a single API call with a 0–100 risk score. See how DFIR Lab's attack surface management tool compares in cost and capability.

Apr 9, 2026 · 10 min read
DFIR, incident-response, forensics, +2

DFIR Investigation Steps: From Alert to Report

A practical walkthrough of digital forensics investigation steps for SOC analysts — covering detection, containment, eradication, recovery, and reporting based on the NIST SP 800-61 framework.

Apr 11, 2026 · 11 min read